On my web server, my file permissions are all over the place and I want to 'reset' everything back to how it originally was. I don't want any users to be able to come in and delete things off my web server! I just want them to be able to look at php pages etc.

What chmod should I use?

They should be as restrictive as possible, but no more.

Usually 0644 is a good choice, which gives the owner read and write rights, but everybody else only read. 0755 for directories. But, it can depend on your specific system settings.

Here's a summary that I have gathered

• chmod all files to 644
• chmod all .htaccess files to 644
• chmod all robots.txt files to 644
• chmod all directories to 711
• chmod all directories with directory listing (.htaccess Options +Indexes) to 755
• chmod all directories that users can upload files to, to 755 (ex: /uploads/)

If you want to reset everything, do this command and sort out the consequences. Usually 644 is a good permission for files and 711 is for directories. If you allow directory listings, then use 755.

$ find /var/www/html \( -type f -execdir chmod 644 {} \; \) \
                  -o \( -type d -execdir chmod 711 {} \; \)

If you want something less invasive, then just remove the write bits for group and "other".

$ chmod -R go-w /var/www/html

I think 644 is standard for files and 755 for directories.

If your webserver serves only webpages, without allowing access through (e.g.) anonymous FTP, then incorrect file permissions do not allow users to remove files.

If other people have access to your server through other means (e.g. SSH), then make sure that the write-bit is not set for users other than yourself. Execute:

find . -exec chmod go-w {} \;

This command will restrict the permissions of all files and directories in which it is executed.

Whichever approach you use, be sure to do some thorough testing if there is any chance that your web application relies files or dirs having certain permissions. While allowing too permissive permissions is probably bad design, this does happen sometimes, so you might break the application.